Another innovative industry leader I had the pleasure of speaking with was Michael Bargury, Co-Founder and CTO of Zenity, a pioneering company that is redefining how enterprises approach security for generative AI, low-code, and no-code development. Zenity addresses a critical issue that has emerged as enterprises rapidly adopt AI-powered copilots, like Microsoft Copilot, which introduce significant risks due to their extensive access and capabilities. Zenity is leading the charge in mitigating these risks by treating them as an application security problem rather than just a matter of least privilege or data classification.
As enterprises embrace AI and empower business users with tools like enterprise copilots, they inadvertently open the door to severe security risks. These AI tools require broad access to data and systems, making them potential targets for attacks that can lead to remote copilot execution (RCE) and promptware vulnerabilities. Zenity’s mission is to secure this new frontier by focusing on the security governance of AI, low-code, and no-code platforms, ensuring that innovation does not come at the expense of security.
Zenity is the world’s first security governance platform specifically designed for generative AI, low-code, and no-code development. The platform offers an agent-less SaaS solution that continuously scans these environments to identify AI applications, bots, and copilots. Zenity then assesses the risks associated with these assets, such as AI data access, security misconfigurations, and business logic flaws. By mapping these risks to widely recognized security frameworks like the OWASP Top 10 for LLM and Low-Code/No-Code, Zenity provides enterprises with actionable insights to mitigate threats.
At the heart of Zenity’s approach is the AI Trust Layer, which enforces security controls across AI copilots. This layer prevents jailbreak and prompt injection attacks, detects malicious AI agents, and safeguards against supply chain compromises. The platform also offers automated remediation capabilities, ensuring that security measures are silently enforced without disrupting business operations.
Since its inception in 2021, Zenity has earned the trust of leading global organizations by enabling them to configure robust security guardrails, prioritize and remediate vulnerabilities, and maintain business continuity. With its innovative approach to AI security, Zenity empowers security leaders with increased visibility, risk assessment, and autonomous governance over their AI and low-code ecosystems.
Michael Bargury emphasizes the urgency of addressing these emerging threats: “The AI rush means that we have no buffer before these newly discovered vulnerabilities lead to an impact on the enterprise. We have recently uncovered vulnerabilities that need no prior access or knowledge of your systems—bad actors only need to send you a single email (or a Teams message, or a calendar invite) to gain full control over enterprise copilots. Unfortunately, this is similar to malware, in that it cannot be mitigated, but like malware, this ‘promptware’ can be managed by placing AppSec controls at the center of the enterprise strategy to secure enterprise copilots.”
Zenity is uniquely positioned to help today’s enterprises unleash the full potential of enterprise copilots and low-code/no-code development while maintaining robust security. The company is already collaborating with some of the world’s largest and most complex organizations to drive their business forward securely. If you’re interested in learning how to prevent remote copilot execution and implement application security controls for AI and low-code platforms, visit Zenity’s website to explore their latest findings and schedule a risk assessment.
About the Author
Kylie Amison is a proud alumnus of George Mason University where she obtained her Bachelor of Science degree in Cybersecurity Engineering with a minor in intelligence analysis and on call reporter for Cyber Defense Magazine
She is working full time at a leading mobile security company as an Application Security Analyst where her main tasking involves pen-testing mobile applications, secure mobile application development, and contributing to exciting projects and important initiatives that are consistently highlighted throughout the security industry.
In addition, Kylie contributed to a startup company as a cybersecurity software developer where she was the lead developer on one of the company’s products; a geopolitical threat intelligence engine that combines a broad assortment of metrics and NLP sentiment analysis to calculate nuanced and real-time threat scores per nation state. Contributing to this initiative has been pivotal in her knowledge of creating secure software and has given her the opportunity to not only develop her first product, but to also start her own startup company, productizing the software and capabilities created in her threat intelligence engine. She is presently co-founder and CTO of Xenophon Analytics.
Throughout all of her experiences and coursework, she has gained essential skills in secure software development, penetration testing, mobile security and a plethora of coding languages. She has further aspirations of going back to school to get a graduate degree in the field of digital forensics and cybersecurity.
Beyond academics and professional life, Kylie enjoys watching anime, reading, and doing anything with nature involved. When asked her ultimate goal in life, she responded with “My goal in life is to learn every single day, and I am proud to be doing just that.”
Source: www.cyberdefensemagazine.com